It’s possible, at least for GPG. I’m not sure about WebAuthn. Regardless, generating the key right on the device is the most secure way of doing it.
It’s also hard to manage keys you’re loading yourself. Once I loaded a private key onto my YubiKey and accidentally failed to backup the private key because I used the wrong syntax when I exported it. I didn’t even realize until I got a new YubiKey and went to load my GPG keys onto it. I was only using it for signing, so it wasn’t a huge deal, but if I’d been using it for encryption / decryption it would have been a disaster.
It’s also hard to manage keys you’re loading yourself. Once I loaded a private key onto my YubiKey and accidentally failed to backup the private key because I used the wrong syntax when I exported it. I didn’t even realize until I got a new YubiKey and went to load my GPG keys onto it. I was only using it for signing, so it wasn’t a huge deal, but if I’d been using it for encryption / decryption it would have been a disaster.